By Nicholas F. Cheung
14 SECURITY MATTERS • NOVEMBER/DECEMBER 2010
Most privacy breaches occur not because cybercriminals are super-sophisticated and technically far ahead of existing security systems and practices, but because simple, inexpensive controls have not been implemented. According to a recent joint study by the Verizon Business Risk Team and the United States Secret Service, 96 per cent of data breaches could have been avoided by the use of simple or intermediate controls. In fact, 85 per cent of the attacks were not even considered very difficult to detect; only four per cent would have required complex and expensive preventive measures.
The study also highlighted the fact that 61 per cent of data breaches were discovered by third parties (and even then only after weeks or months), such as payment card processors (due to their fraud-detection programs), law enforcement agencies and customers. All these statistics suggest that organizations must assess their vulnerability to privacy risks by examining their privacy practices on a regular basis.
Privacy breaches in both the public and private sectors have highlighted the significant costs that can be brought on by such events – damage to reputation, brand value, business relationships, fines and penalties and trust. By being proactive in addressing threats within high-risk areas, organizations can reduce the possibility of a privacy breach.
“Organizations of all sizes have privacy challenges and the best thing anyone in the organization can do is to ask the right questions,” says Claudiu Popa, author of The Canadian Privacy and Data Security Toolkit for Small and Medium Enterprises: “To address this challenge we first need to understand that privacy is supported by the three pillars of data protection: administrative security, physical security and IT security. Once that knowledge is in place, an elegant, standardized risk-assessment process can be used to test the effectiveness of privacy and security controls.”
The process of finding out what privacy vulnerabilities your organization may have begins with a privacy-risk assessment. The Privacy Risk Assessment Tool developed through the combined efforts of the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) is a useful tool that can help facilitate and document the risk-assessment process. The recently updated Privacy Risk Assessment Tool self-assessment template is based on the 10 principles and 73 criteria within Generally Accepted Privacy Principles (GAPP), an internationally recognized